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(54) METHOD AND SYSTEM FOR MANAGING ACCESS TO DATA 



(57) In providing a system that can manage access 
to data to effectively prevent illegal access to the data or 
the like, there is provided a system tor embedding 
access management information that prepares man- 
agement information for managing access to the data, 
and embeds the management information in the data 
through data transformation without changing amount 
of data. In managing access to data, there is provided a 
method that extracts management information embed- 
ded in the data through data deformation without chang- 
ing amount of data, and manages access to the data 
according to the extracted management information. 
There is also provided a method for changing manage- 
ment of access to the data according to the type of 
medium in which the data is stored (RAM or ROM). The 
management information further contains information 
for controlling recording of the data, reception of the 
data, playback of the data, interference of output of the 
data, duplication history of the data, or modification of 
the management information. The access management 
method can prevent illegal duplication of data or the like, 
and can effectively protect a work. 



[Figure 5] 
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Description 

[Field of the invention] 

5 [0001] The present invention relates to a method and system for managing access to data by utilizing management 
information embedded in the data. More particularly, it relates to embedding management information into data and 
managing access to the data, based on this management information, when the data is accessed. 

[Background art] 

10 

[0002] With the spread of multimedia environments, systems handling digital information, such as digital video disks 
(DVDs), digital video cameras (DVCs), digital CS satellite broadcasting, and internets, are becoming still more popular. 
Also, the development of apparatuses that can process and transfer very large quantities of multimedia data at high 
speed has advanced. However, it depends upon the number of applications for attraction contents such as theater mov- 
75 ies whether or not the aforementioned apparatuses will be spread from now on. No matter how excellent hardware may 
be, the spread of the hardware would be difficult unless a large quantity of contents that attracts the purchasing desire 
of customers are distributed. 

[0003] What becomes problematic at this time is the protection of works. For example, digital video disks have a suf- 
ficient hardware based method in the distribution of theater movies, however, for problems with protection of contents, 

20 particularly with illegal duplication (copy), there have been no methods provided such as suppliers of contents can sat- 
isfy. This is because, although the contents of digital data can be easily duplicated and changed, there is provided no 
effective specification to prevent such action. Thus, it is the current status that many attractive contents cannot be 
expected to be distributed with these media. In fact, since such problems with copyright have not been solved, digital 
video cameras have only been sold as exclusive machines for photographing. Thus, effectively protecting digitized 

25 works is indispensable for a further spread of multimedia, and the development of such protection techniques and the 
generation of normalized standards have been expected. 

[0004] One of conventional attempts to control duplication of digital contents such as music is to adopt a copy gener- 
ation management system (CGMS) signal in digital audio tape (DAT). The CGMS signal is constituted by two bits of 
data and represents the following duplication conditions. 

30 



CGMS Signal Duplication Conditions 


11 


Duplication inhibition 


00 


No limitations on duplication 


10 


One-time duplicability 



40 [0005] The aforementioned method writes the two data bits in a predetermined place of data format. When duplication 
of data is performed, the aforementioned CGMS signal is detected at the side of a receiver. If the content of the signal 
represents duplication inhibition, the receiver stops the duplication of the content. However, this written place can be 
easily specified and the content can also be easily written over, so it is easy for users to overwrite the content of this 
signal. That is, it is difficult in the conventional technique to effectively prevent the illegal duplication of contents because 

45 it has various disadvantages such that 

it is an approach to append data management information separate from the data: and 
it is easy to identify where is the management information. 

so [0006] Hence, there has been a desire for the development of techniques that can effectively control access to digital 
contents and effectively prevent illegal duplication. 

[Disclosure of the invention] 

55 [0007] In view of the aforementioned problems, the objective of the present invention is to provide a system that is 
capable of controlling access to data and effectively preventing illegal access to data or the like. 
[0008] To attain such objective, there is provided an access management information embedding system for prepar- 
ing management information for managing access to data, and embedding the management information in the data 
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through data transformation not changing amount of data, wherein the management information embedded through 
data transformation not changing amount of data is extracted in managing access to the data, access to the data being 
managed according to the extracted management information. In addition, management of access to the data is varied 
according to the type of medium in which the data is stored such as RAM (rewritable type), R (write once type) or ROM 
5 (read-only type). In addition, the management information is arranged to contain information for controlling recording of 
the data, reception of the data, playback of the data, interference of output of the data, duplication history of the data, 
or modification of the management information. 

[0009] Controlling recording of the data means that, when the management information is embedded in data con- 
tained in a medium such as a CD-ROM, the content of the CD-ROM is permitted or inhibited to be duplicated in another 
io medium such as a digital video disk. 

[001 0] Controlling reception of the data means that, when the management information is embedded in data incoming 
over, for example, radio wave or a network, the data is received by a receiver, and permitted or inhibited to be output 
from the receiver. 

[0011] Controlling playback of the data means that, when the management information is embedded in data con- 
15 tained in a medium of a type such as a RAM (rewritable type) or R (write-once type), the data is permitted or inhibited 
to be reproduced. 

[0012] Controlling interference of output of the data means that, when the management information is embedded in 
data contained in a medium of a type such as a RAM or R, the data is permitted or inhibited to be output outside, or 
output interference is controlled by superimposing noise on an output signal. 
20 [001 3] Controlling duplication history of the data means that, for example, when the management information embed- 
ded in the data contains information allowing duplication only once, after duplication is performed once, additional infor- 
mation for inhibiting duplication other than the management information is added to the management information, 
whereby further duplication or playback is controlled by the management information and the additional information. 
[001 4] Controlling modification of the management information means that, for example, when the management infor- 
ms mation embedded in the data contains information allowing duplication only once, after duplication is performed once, 
the management information itself is modified to inhibit further duplication. 

[0015] Although the management information relates to recording, duplication, reception, playback, duplication his- 
tory, output interference or the like of the data, the present invention controlling access based on the content of embed- 
ded management information in accessing the data-can be appropriately applied to other management such as 
so restriction on access equipment restriction of access users, deadline for use of data, and authentication information 
without departing from the spirit of the invention. 

[0016] "Embedding" used herein means to hide specific information through deformation of data itself by using data 
hiding technique or the like. Here, data hiding is a generic term of technique for embedding information in another 
medium (still image, audio, motion image, or the like). Unlike encryption, the technique does not aim how to hide irrfor- 

35 mation, but how to integrate information in a medium in which it is embedded. 

[001 7] One of important features of data hiding lies in that it is an invisible marking technique. Since it is not to add a 
data bit when information is embedded in a medium, but the information is embedded by manipulating existing data so 
that it cannot be perceived by human visual sensation (data transformation), there is no increase in the total amount of 
data due to embedding of additional information. For example, the storage side can handle one type of medium through 

40 embedding of text or audio information in an image. One of other features includes indivisibility of the embedded infor- 
mation. Since the data hiding directly embeds additional information in the data structure of the medium, not in a header 
or a separate file, the embedded information can be extracted as long as the quality of original data is saved even if the 
platform pf the medium or the data format is changed. 

[001 8] The present invention is an invention relating to a method and system for managing access to data by utilizing 
45 management information embedded in the data with use of such data hiding technique or the like. It should be noted 
that the access management method according to the present invention is not limited to a specific data hiding tech- 
nique, but any technique can be utilized as is as long as it embeds information through data transformation without 
changing amount of data. 

so [Brief Description of the Drawings] 



[0019] 



Figure 1 is a diagram showing a procedure for recording media data on a storage medium; 



55 



Figure 2 is a diagram for explaining the hiding and extraction of data employing PBC (Pixel Block Coding); 



Figure 3 is a diagram for explaining the data hiding using PBC in the case where one pixel comprises a pixel block; 
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Figure 4 is a diagram showing procedure for managing playback of data recorded on a medium; 
Figure 5 is a block diagram of a system for managing access to data and outputting the data; 
5 Figure 6 is a diagram illustrating an arrangement of pictures in MPEG; 

Figure 7 is a diagram showing the state of macro blocks arranged in a B picture; and 

Figure 8 is a block diagram of a data access management system according to another embodiment. 

10 

[0020] Reference numerals and designations for major components correspond as follows: 




51 


DVD-ROM 


52 


Reader 


53 


Decoder 


54 


Decryption unit 


55 


MPEG decoder 


56 


Management information extractor 


57 


D/A converter 


58 


Management information modifier 


59 


Switch 


60 


Interference signal generator 


61 


Data supplier 


62 


Signal processing system 


63 


Output section 







[Best Mode for Carrying out the Invention] 

[0021 ] Figure 1 is a diagram showing a procedure (authoring) for recording data on a storage medium. Data, such as 
30 images, voices, and software, is recorded on DVD-ROM media in accordance with the following procedure. Data that is 
analog data is converted to digital data by performing analog/digital conversion processing (step 11). This converted 
digital data is compressed, for example, with a moving picture experts group (MPEG) (step 12). This compressed data 
is further coded and encrypted (step 13). Finally the media data is modulated (step 14) to be recorded on DVD-ROM 
media. 

35 [0022] In this embodiment of the present invention, data is embedded with management information before, during 
or after compression, and then is recorded on a DVD-ROM device. When systems have access to the data recorded on 
DVD-ROM, the management information is used to restrict the access to the data, and based on this management infor- 
mation, systems are controlled. In this embodiment, management information for managing duplication of data will be 
described as an example. The management information represents respective status with two-bit data as follows. 

40 



Status 


Contents of manage- 
ment information 


Duplication inhibition 

No limitations on duplication 

One-time duplicability 


11 

00 (or, no data) 
10 



[0023] The embedding of management information into data is performed, for example, between analog/digital con- 
version (step 1 1) and MPEG compression (step 12) (or, after compression). This embedding can be done by a tech- 
nique called data hiding. 

[0024] Here, a description will be made of, as an example, pixel block coding (hereinafter referred to as PBC) which 
55 is both a method of embedding management information which becomes an object of hiding into certain data and con- 
versely a method of extracting the embedded data. 

[0025] When PBC is employed, in data hiding and data extraction, data are processed according to a predetermined 
conversion rule. Generally, in a certain image, the primary characteristics, such as pixel values of two adjacent pixels, 
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have mutually high correlation. For example, if there exists a "forest" area in a part of image, adjacent pixels are in very 
similar green, and have mutually high correlation. Therefore, even if these pixel values were replaced with each other, 
such replacement could be little visually perceived. That is, even if pixel values with high correlation are manipulated 
according to a certain conversion rule, a degradation would not virtually arise. 
5 [0026] In view of this nature, one bit of data is hidden by defining as a pixel block (i.e., a region to be embedded) an 
image region having at least one pixel and also by intentionally controlling the characteristic of an adjacent pixel block, 
based on a certain conversion rule. Data is expressed by the comparison result of the characteristics of adjacent pixel 
blocks. Also, when data is extracted, it is extracted according to the extraction rule which is determined based on this 
conversion rule. 

io [0027] Bit information is expressed by -replacing the characteristic values (e.g., brightness values) of two adjacent 
pixel blocks with each other in accordance with the following conversion rule. 

(Conversion Rule) 

15 [0028] 

Bit 1 : Case where the characteristic value of one pixel block (PB1) is greater than that of the other (PB2) 
Bit 0: Case where the characteristic value of one pixel block (PB1) is less than that of the other (PB2) 

20 [0029] Also, the bit information is extracted by comparing the characteristic values (e.g., brightness values) of two 
adjacent pixel blocks in accordance with the following extraction rule corresponding to the aforementioned conversion 
rule. 

(Extraction Rule) 

25 

[0030] 

Case where the characteristic value of one pixel block (PB1) is greater than that of the other (PB2): bit 1 

30 Case where the characteristic value of one pixel block (PB1 ) is greater than that of the other (PB2): bit 0 

[0031 ] Figure 2 is a diagram for explaining how the hiding and the extraction of data are performed with the aforemen- 
tioned PBC. The pixel block PB1 or PB2 may be defined, for example, as a set of a plurality of pixels such as 3 x 3 pixels, 
and it is also possible to define a single pixel as a single pixel block. Since adjacent pixel blocks have high correlation, 

35 image degradation would not be felt to the extent that it could be visually recognized, even if the^positions of adjacent 
pixel blocks were replaced with each other (Figure 2(a)). Consider the case where the positions of the pixel blocks in an 
original image are those shown in Figure 2(b). First, the characteristic values of two pixel blocks are compared, and as 
the result, assume that the characteristic value of PB1 is greater than that of PB2. When data 1 is hidden in the original 
image, the characteristic values of the pixel blocks have already satisfied the condition of the data 1 in the conversion 

40 rule, so the characteristic values of these blocks are not replaced with each other. On the other hand, when data is 
extracted, the extraction rule has defined that the case of the characteristic value of PB1 being greater than that of PB2 
is data 1 , so data 1 is extracted. 

[0032] In addition, when data 0 is hidden in the original image, the relation between the characteristic values of the 
pixel blocks in the original image does not satisfy the condition of data 0 in the conversion rule, so the characteristic 
45 values of the pixel blocks are replaced with each other. However, this replacement cannot be recognized visually. When 
data is extracted, data 0 is extracted from the relation of the characteristic values of these blocks in accordance with the 
extraction rule. 

[0033] The characteristic value can employ a value related to the primary characteristic and a value related to the 
secondary characteristic of a pixel block (i.e.. a region to be embedded), besides the aforementioned brightness value. 

so The primary characteristic is the direct parameter of a pixel value, such as the brightness or chromaticity of a pixel 
block. Also, the secondary characteristic is obtained by resolving the primary characteristic, like a value representative 
of statistical nature such as the average value or dispersion value of the aforementioned parameters. 
[0034] In addition, it is noted that pixel blocks that become objects of PBC are not always limited to adjacent blocks. 
The characteristic value of a pixel block will hereinafter be described with the brightness value that is the primary char- 

55 acteristic and the dispersion value that is the secondary characteristic, as examples. 

[0035] First, a description will be made of the case where the characteristic value of a pixel block is taken to be a 
brightness value. Since most natural images have a very high correlation between adjacent pixels, replacing them with 
each other will not result in a considerable degradation in the image. Figure 3 is a diagram for explaining the embedding 
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of data of six bits in six pixel blocks based on the aforementioned PCB in the case where 1 pixel corresponds to a pixel 
block. 

[0036] In case where blocks containing relatively large number of pixels are used to improve resistance against editing 
or compression of images, if the brightness values of pixels are replaced with each other between pixel blocks, noise 
5 such as stripes may occur on the image. Hence, there is considered a method that employs a dispersion value of the 
brightness of pixels as a characteristic value. 

[0037] When the nature of the brightness value of a pixel block is resolved into an average value h and a dispersion 
value d, there could be a less influence on the image in case where, in the pixel blocks, the average value h remains 
the same and only the dispersion value d is replaced than in case where the average value is simply replaced. There- 
io fore, it becomes possible to hide information through the data transformation without changing amount of data by mak- 
ing use of this nature, taking the characteristic value of a pixel block to be this dispersion value d, and replacing this 
dispersion value in accordance with the aforementioned conversion rule. See Japanese Patent Application No. 8- 
159330 (Docket No. JA 9-96-044). 

[0038] As in Figure 2(c), consider the case where a pixel block PB1 has an average value and a dispersion value 
75 d 1 and a pixel block PB2 has an average value hg and a dispersion value d 2 . When a bit 1 is hidden, is less than d 2 . 
so this does not satisfy the condition of bit 1 of the conversion rule. Therefore, only the dispersion values d 1 and d 2 are 
replaced with each other between both pixel blocks. This is equivalent to exchanging the sizes of configurations of dis- 
tributions without changing the average values h of characteristic values of pixels in the blocks. 
[0039] Thus, the embedding of data using the aforementioned data hiding technique, first specifies an embedding 
20 region, into which management information is embedded, in the aforementioned data. Then, a conversion rule where 
the contents of data to be embedded is caused to correspond to the status (characteristic) of an embedding region is 
made, and the status (characteristic) of the embedding region is directly controlled according to management informa- 
tion by referring to the conversion rule. By this direct control, the management information can be embedded into the 
data. By directly controlling original data, the embedding of the management information united to the original data is 
25 performed. Therefore, since the separation and change of only the management information are difficult, the access 
management of data can be effectively performed. Note that for the details of PBC, see Japanese Patent Application 
No. 8-159330 (Docket No. JA 9-96-044). In addition, such techniques are comprehensively called data hiding, elec- 
tronic watermark. 

[0040] The data embedded with management information with the data hiding technique and stored on a DVD-ROM 
30 device by the aforementioned method is accessed according to the following procedure. First, data is read out from the 
DVD-ROM device. The read-out data is, as described in connection with Figure 1 , a signal modulated (in step 14) after 
data embedded with management information is compressed (in step 11) with MPEG and also after media data is 
coded and encrypted (in step 12). 

[0041] Figure 4 is a diagram showing a procedure for managing the data access method. First, data embedded with 
35 management information is supplied to the access system. The source of data includes, for example, storage media 
such as DVD-ROM and CD-R, communication such as internet, or satellite broadcasting. The supplied data is demod- 
ulated (in step 41) and decoded (in step 42). If the data is MPEG compressed, it is decompressed (step 43). The man- 
agement information embedded in the data is extracted, and, if required, the content of management information is 
modified, and only required modification is embedded in the data again. 
40 [0042] To extract management information from data input into the recorder, the aforementioned extraction process 
that is one of the data hiding methods is utilized. First, an embedding region, in which the management information was 
embedded, is specified from read-out data. Next, by referring to the extraction rule where the status of an embedding 
region is caused to correspond to the contents of data, the duplication enabling information is extracted according to 
the status of the embedding region. Now, if the extracted management information is data 00, duplication of data is 
45 allowed according to the aforementioned rule. Also, if the extracted management information is data 1 1 , it means that 
duplication of media data is inhibited. In this case an access system is controlled so that duplication of data is inhibited. 
Data 10 means that duplication of media data is allowable under a certain condition (only once). This means that dupli- 
cation is allowed to be generated based on data in an original DVD-ROM, but further duplication based on the dupli- 
cated data is inhibited. 

so [0043] In this case an access system is controlled so that duplication of data is allowed only once, and furthermore, 
it is necessary that data is prevented from being duplicated based on the duplicated data. Since it is important that the 
duplication thereafter, based on the duplicated data from the original, is inhibited, when the original is duplicated, dupli- 
cation condition indicated by the management information embedded in the original data is rewritten from data 10 (one- 
time duplicability) to data 1 1 (duplication inhibited) and then it is output as an output signal. Since the data as this output 

55 signal is embedded with management information indicating the condition of "duplication inhibited," data cannot be fur- 
ther duplicated based on the duplicated data. In addition, there is an option adding bits that indicates history of dupli- 
cation once. It is essential in the subsequent playback control to determine whether it is legally copied of illegally 
copied. 
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[0044] Figure 5 is a block diagram of a playback system for data stored on a DVD-ROM device. The DVD-ROM device 
51 on a data supply supplier 61 stores data in which management information was embedded with the data hiding tech- 
nique, as described above. The data, read out of the DVD-ROM device 51 by a reader 52 in the data supplier 61, is 
processed by a demodulator 53, a cryptograph decoder 54, and an MPEG decoder 55, ail of which constitute a signal 

5 processing system 62. As a consequence, decompressed digital data is obtained. 

[0045] A management information extractor 56 specifies an embedding region, in which management information was 
embedded, from the decompressed digital data which is the output of the MPEG decoder 55 (or, directly from MPEG 
data), and also extracts the management information in accordance with the status of the embedding region by referring 
to an extraction rule where the status of an embedding region is caused to correspond to the contents of data to be 

io extracted. A D/A converter 57 converts digitized data from which the management information was removed to an ana- 
log signal. Furthermore, a management information changer 58 is used to change the content of management informa- 
tion as needed. (Here, it should be noted that the management information may be extracted regardless of before or 
after the MPEG decompression.) 

[0046] AD/A converter 57 in the signal processing system 62 converts digitized data from which the management 
is information was removed to an analog signal, and outputs an analog playback signal (e.g. , NTSC). In addition, an inter- 
ference signal generated by an interference signal generator 60 (e.g., Analogous Protection System (APS) such as 
Macrovision Signal) is selectively superimposed on the analog playback signal by a switch 59 in an output section 63. 
The switch 59 is controlled by a control signal from the management information extractor 56. The output section 63 
outputs the analog playback signal or the superimposed signal as analog an output signal. 
20 [0047] In this system, the management information extractor 56 outputs a control signal to turn off the switch 59, when 
the management Information extracted by the management information extractor 56 enables duplication of data. In this 
case, the interference signal is not superimposed on the analog playback signal, and an analog output signal is output 
as it is. 

[0048] When, on the other hand, management information inhibits duplication of data, the management information 
25 extractor 56 outputs a control signal to turn on the switch 59. In this case an interference signal generated by the inter- 
ference signal generator 60 is superimposed on the analog signal which was output from the D/A converter 57. When 
it is intended to display movie images on a monitor based on the signal on which the interference signal is superim- 
posed, normal movie images can be displayed on the monitor without affected by the interference signal because of the 
characteristics of the monitor. However, if it is intended to record the movie images by using a digital VTR with an analog 
30 input terminal, they are affected by the interference signal, and normal movie images cannot be recorded. Therefore, 
duplication of data can be effectively prevented because the movie images can be reproduced from the signal super- 
imposed with the interference signal, but they cannot be digitized for recording. 

[0049] Note that when management information is "one-time duplicability" on the recorder, the management informa- 
tion changer 58 changes the management information of read-out data to "duplication inhibited" when it is recorded, 
35 and embeds it in the data when it is written to a next medium. Thus, the data duplication thereafter, based on duplicated 
data, can be effectively prevented. 

[0050] Furthermore, in addition to the basic management information, additional information may be used to control 
copy (duplication) and playback in more detail. This enables it to flexibly provide control depending on the type of 
recording/playback medium (such as ROM, RAM or R type). 

40 




Status 


Playback medium 


Playback medium 


Recording medium 


Management informa- 


Additional information 


ROM type 


RAM/R 


RAM/R 


tion 




Playback: OK 


Playback: NG 


Duplication: NG 


11 


0 


Playback: OK 


Playback: NG 


Duplication: NG 


11 


1 


Playback: OK 


Playback: OK 


Duplication: OK 


00 


0 


Playback: OK 


Playback: OK 


Duplication: OK 


00 


1 


N/A 


Playback: OK 


Duplication: NG 


10 


0 


N/A 


. Playback: OK 


Duplication: NG 


10 


1 



[0051] 0 in the additional information indicates that no duplication is performed, while 1 indicates that duplication is 
performed once. 
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[0052] In addition, N/A for the ROM type playback medium means that this combination does not exist. That is. dupli- 
cation/playback control can be flexibly performed in more detail without erasing/modifying the basic management infor- 
mation by using one-bit information indicating whether or not duplication is performed once in addition to information of 
data 1 1 (unconditionally duplication inhibited), 10 (one-time duplicability). and 00 (unconditionally duplication allowed). 
5 The additional information may be embedded by the same method for the previously embedded data (management 
information), or by another method to enhance security. As an alternative embodiment, the additional information may 
be arranged to provide versatile controls by using a number of bit, instead of one bit. Anyway, it may be similarly imple- 
mented without departing the spirit of the present invention. 

[0053] In addition, the management information is not limited to information on restriction on duplication. It is a matter 
io of course that the present invention is also applicable to various management information such as controlling system. 
For example, management information may also be the following playback enabling information. 

(Medium type = RAM) 

75 [0054] 





Status 


Contents of manage- 


20 




ment information 




Playback inhibition 


11 




No limitations on playback 


00 


25 


One-time regenerability 


10 



[0055] When playback enabling information enables playback of data, a system is controlled so that playback of data 
is allowed. Also, when playback enabling information inhibits playback of data, a system is controlled so that data is not 
output from the system. 

30 [0056] Besides the aforementioned information, the management information may be a serviceable term which deter- 
mines a period of time for which media data can be regenerated or recorded, authentication information for medium 
content playback, a disk key, or a title key. Any of these pieces of information is data that becomes necessary when data 
is accessed. 

[0057] Another data hiding technique is described as a second embodiment. It is noted that this embodiment is drff- 
35 ferent from the aforementioned embodiment in that the embedding of management is performed at the time of MPEG 
encoding and that the extraction is performed at the time of MPEG decoding. 

[0058] Now, how embedding of management information is actually performed in MPEG is briefly explained by refer- 
ring to the data hiding technique of Japanese Patent Application No. 8-272721 (Docket No. JA 9-96-074) as an exam- 
ple. 

40 [0059] In MPEG, forward prediction from a past playback image, rearward prediction from a future playback image, 
and bidirectional prediction using both forward prediction and rearward prediction are employed. 
[0060] Figure 6 is a diagram for explaining the array state of pictures in MPEG. As shown in the figure, in order to 
realize bidirectional prediction, MPEG prescribes three kinds of picture frames: an I picture, a P picture, and a B picture. 
[0061] Here, the I picture is an image processed with intraframe encoding (intra-encoding), and all macro blocks on 

45 this picture are processed by intra-encoding (intraframe prediction encoding). The P picture is an image processed by 
forward interframe prediction encoding, and in some cases, some of macro blocks on this picture are processed with 
intra-encoding. Furthermore, the B picture is an image processed by bidirectional interframe prediction encoding. The 
macro blocks on the B picture are basically coded by forward prediction, rearward prediction, or bidirectional prediction, 
but in some cases, intra-encoding is also included. The picture screen which is coded over the entire surface by intra- 

50 encoding is an I picture, and the I and P pictures are coded in the same order as an original moving picture image. On 
the other hand, for the B picture, the I and P pictures are processed and then a B picture which is inserted between the 
processed pictures is coded. 

[0062] The embedding region in which management information is embedded is the macro block on the B picture, 
and one bit of information can be embedded into one macro block. Therefore, when message data are multiple bits, 
55 there is the need to perform the embedding process with respect to the macro blocks corresponding in number to the 
multiple bits. Figure 7 is a diagram showing the state of macro blocks disposed on a B picture. The macro block is the 
unit that is coded. For each macro block, movement compensation relative to a brightness block with I6pixe!s x ^pix- 
els is performed, and information compression based on a time screen correlation is performed as an interframe pre- 
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diction method using movement compensation relative to a macro block unit. 

[0063] The macro blocks on the B picture can be classified into the following four groups as prediction types. 

• Intra Macro block (intraframe prediction macro block) 

5 

[0084] The intra macro block is a macro block that is coded by only the information about the screen itself without 
performing interframe prediction. 

• Forward Prediction Macro Block 

w 

[0065] The forward prediction macro block is a macro block that is coded with forward prediction by referring to the 
past I or P picture (reference frame). Specifically, a square region with 16 pixels x 16 pixels, which is most similar among 
the past reference frames, is retrieved, and this macro block has information about a prediction error (aP) which is the 
difference relative to the retrieved square frame and also has information about a spatial relative position (a moving vee- 
rs tor). Here, the prediction error aP is expressed as a difference between the brightness and the color difference obtained 
for 1 6 pixels x 1 6 pixels. Note that a criterion for selecting a similar square region depends upon encoders. 

• Rearward Prediction Macro Block 

20 [0066] The rearward prediction macro block is a macro block that is coded with rearward prediction by referring to 
future reference frames in order of display. A region, which is most similar among future reference frames, is retrieved, 
and this macro block has information about a prediction error (aN) which is the difference relative to the retrieved region 
and also has information about a spatial relative position (a moving vector). 

25 • Bidirectional Prediction Macro Block 

[0067] The bidirectional prediction macro block is a macro block that is coded with bidirectional prediction by referring 
to past and future reference frames. A region which is most similar among past reference frames and a region which is 
most similar among future reference frames are retrieved, and this macro block has information about a prediction error 
30 ((aN + (P)/2 ) which is the difference relative to the average (per pixel) of these two regions and also has information 
about a spatial relative position (two moving vectors) between them. 

[0068] To embed message data, at least one macro block, which is given an embedding process, must first-be spec- 
ified in a B picture. This may be defined, for example, as the respective macro blocks (embedding regions) which exist 
between the first line and the third line of the B picture, or it may be defined as the entire macro block of a certain frame. 

35 In addition to the macro block being previously defined as format in this way. it can also be determined by employing 
algorithm that generates a position sequence. Note that the algorithm for generating a position sequence can employ 
the algorithm disclosed, for example, in Japanese Patent Application No. 8-1 59330 (Docket No, J A 9-96-044). Next, for 
the specified macro blocks that are embedded, one bit of data is embedded into one macro block, based on an embed- 
ding rule. This embedding rule is one where bit information is caused to correspond to the prediction type of a macro 

40 block. For example, there is the following rule. 

(Embedding Rule) 
[0069] 



Bit information to be 
embedded 


Interframe prediction type of a macro block 


Bit"!" 
Bit "0" 


Bidirectional prediction macro block (represented by B) 

Forward prediction macro block (represented by P) or rearward prediction macro block 
(represented by N) 



55 

[0070] For example, consider the case where management information bits 101 0 are embedded. The four bits of data 
are embedded in four embedding regions disposed from the left first macro block of the first line shown in Figure 7 up 
to the fourth macro block. First, the first data bit is a 1, so the prediction type of the leftmost macro block (the first 
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embedding region) is determined to be bidirectional prediction (B) in accordance with the aforementioned embedding 
rule. The prediction error in this case becomes a prediction error which is the difference relative to the average of a 
region which is most similar among past reference frames and a region which is most similar among future reference 
frames. The next data bit is a 0. 

5 [0071 ] Therefore, the prediction type of the second macro block (the second embedding region) is either forward pre- 
diction macro block (P) or rearward prediction macro block (N) in accordance with the embedding rule. In this case, in 
order to suppress image degradation, the prediction error in the forward prediction and the prediction error in the rear- 
ward prediction are compared to select the type whose prediction error is smaller. In the example of Figure 3, since the 
prediction error in the forward prediction is smaller than that in the rearward prediction, the forward prediction (P) is 

w selected for the second macro block. Similar procedure is repeatedly applied to the third embedding region and the 
fourth embedding region. 

[0072] As a consequence, the prediction type of the third macro block becomes bidirectional prediction (B), and the 
prediction type of the fourth macro block is determined to be rearward prediction (N) because the prediction error in the 
rearward prediction is smaller. In the way, the interframe prediction types of the first to the fourth embedding regions are 
75 taken to be BPBN and four data bits 1010 (i.e., the management information 1010) are embedded in these regions by 
data transformation without changing amount of data. This is the example of embedding of management information in 
MPEG using the data hiding technique described in Japanese Published Unexamined Patent Application No. 8-272721 
(Docket No. JA 9-96-074). 

[0073] Now, a description will be made of a method of extracting the management information which was embedded 
20 in the aforementioned procedure. In the case where management information is extracted, information for specifying a 
macro block in which the management information has been embedded must first be given. The specifying information 
may be given by an outside unit. Also, it is possible to previously embed the specifying information in data itself. In addi- 
tion, in the case where the position of an embedding region is standardized or if an algorithm for generating a position 
sequence is known, message data can be extracted. A message data extracting method using a position sequence is 
25 disclosed in the aforementioned Japanese Patent Application No. 8-1 59330, for example. 

[0074] Next, from the prediction type of the specified embedding region, the information embedded in that region is 
extracted by referring to an extraction rule. This extraction rule is a rule where the prediction type of a macro block is 
caused to correspond to bit information, and this extraction rule has to be given as information when extraction is per- 
formed. As this rule, there is the following rule. It is noted that the corresponding relation between prediction type and 
30 bit information in this extraction rule is the same as that of the aforementioned embedding rule. 

(Extraction Rule) 

[0075] 

35 



Interframe prediction type of a macro block 


Bit information to be I 
extracted 


Interframe prediction type of a macro block 
Interframe prediction type of a macro block 

Forward prediction macro block (represented by P) or rearward prediction macro block 


Bin- 
Bit "0" 



45 

[0076] A description will be made of the case where management information has been embedded as shown in Fig- 
ure 7. As previously described, management information bits have been embedded as a premise in the embedding 
regions from the left first macro block of the first line shown in Figure 3 up to the fourth macro block. Because the pre- 
diction type of the leftmost macro block is bidirectional prediction (B), bit 1 is extracted by referring to the aforemen- 

50 tioned extraction rule. The prediction type of the second macro block is forward prediction (P), so bit 0 is extracted 
according to the extraction rule. By repeatedly applying the same procedure to the other macro blocks, bit 1 and bit 0 
are extracted in sequence. As a consequence, management information bits 1010 are extracted from these regions. 
[0077] According to this embodiment, the prediction type of a macro block and an embedded bit are determined so 
that they are caused to correspond with each other, when a moving picture image is coded. Therefore, management 

55 information can be embedded in the moving picture image without substantially having an influence on the compression 
efficiency of the. moving picture image and also without substantially causing a degradation in the picture quality. In 
addition, it is very difficult to remove the management information embedded in this way from the moving picture image. 
Furthermore, since an amount of information to be embedded is almost independent of the contents of an image, it is 
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possible to efficiently embed message data. 

[0078] As will be seen from the foregoing description, the feature of the present invention resides in that management 
information is embedded in data by using the data hiding technique or the like, which embeds data through data trans- 
formation without changing amount of data, and, when the data is accessed (regenerated or recorded), a system for 
5 managing access to the data is controlled based on the management information. Therefore, the present invention is 
not limited to the aforementioned data hiding method and it is noted that the present invention is applicable to a variety 
of methods. 

[0079] Finally, a description will be made of a data access system shown in Figure 8. While the aforementioned man- 
agement information represents three statuses with two bits, an embodiment described here is intended to substantially 

w provide three statuses for the system with one-bit management information. To this end, the system of the embodiment 
comprises a controller 81 that detects in what State data is supplied to the system, and controls output of the system 
according to the state. A data supply unit 82 is to supply data embedded with management information to the access 
system, and includes, for example, an optical system for reading data from DVD-ROM, and a circuit for capturing data 
on the internet into the system. Here, the management information is represented by one-bit information respective bit 

is of which indicates the following information. 

(Management Information) 
[0080] 

20 



Status 


Content of management 
information 


Duplication inhibited 
Duplication allowed 


1 

0 



30 [0081] Data supplied from the data supply unit 82 is processed by a signal processing system 83 that performs 
demodulation, decryption, D/A conversion or the like. A management information extractor 84 specifies an embedding 
region in which management information is embedded from the data obtained through processing by the signal 
processing system 83, and extracts the management information according to the state of an embedding region by 
referring to an extraction rule in correspondence with content of data for extracting the state of the embedding region. 

35 The management information extractor 84 outputs a control signal according to the extracted information. The control 
signal is for controlling an output unit 85, superimposes an interference signal selectively generated by an interference 
signal generator 86 according to the content of the control signal on the output signal, and outputs them. That is. when 
the management information is bit 0 (duplication allowed), a switch in the output unit 85 is turned off to output the data. 
On the other hand, when the management information is bit 1 (duplication inhibited), the switch is turned on to super- 

40 impose an interference signal on the data, and to output them. Since the operation is substantially same as that of the 
components of the system shown in Figure 5, no further detail is described. 

[0082] A controller 81 connects to the data supply unit 82, and monitors in what state the data is supplied to the sys- 
tem. Then, even when the management information is bit 0, or allows duplication of the data, the controller 81 controls 
the output unit 85 so that the switch in the output unit 85 js turned on depending on the result of supply state to output 
45 a superimposed signal. That is, duplication of data is forcedly inhibited, although the management information itself 
allows duplication of the data. 

[0083] A specific data supply state is determined by monitoring, for example, "when data is captured into an access 
system through a recording medium, in duplication, whether the loaded recording medium is a read-only type or a rewri- 
table type." The type of recording medium can be easily determined since rt can be recognized in an untamparable area 

so (lead-in area) of the recording medium by the system through hardware. When it is intended to perform duplication of 
data in a state where the data is being supplied from a read-only recording medium, the controller 81 would not forcedly 
turn off the switch. Thus, the access system operates after the extracted management information, and data can be 
duplicated as long as the management information allows the duplication. On the other hand, when it is intended to 
duplicate data in a state where the data is being supplied from a rewritable recording medium, the controller 81 turns 

55 on the switch regardless of the content of management information. Thus, data cannot be duplicated from the rewritable 
recording medium. 

[0084] Generally, when famous or important content is prevented from illegal duplication or tampering, a supplier of 
content stores and distributes it in a ROM. Therefore, the supply state in ROM state means that the data can be con- 
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sidered to be original, rather than duplicated data. On the other hand, when data is supplied as a RAM or R, in most 
cases, the data can be considered to be duplicated data already duplicated in the RAM or R. Therefore, as long as the 
data stored in a ROM is considered to be original, and that in a RAM or R is considered to be duplicated data, further 
duplication of duplicated data, or illegal duplication can be effectively prevented by providing such function in the sys- 
5 tern. Consequently, even with the one-bit management information that can represent only two status of "duplication 
allowed or inhibited," the system determines whether or not data is original according to its supply state, so that a third 
status of "one-time duplicability" can be substantially provided for the system. 

[0085] Since the management information to be embedded can be represented by one bit, instead of two bits, it 
becomes unnecessary to take sequence of bit arrangement into account rather than the size of management informa- 

io tion. If the content of information differs for the arrangement of bits 01 and 10 when the management information is of 
two bits, it is necessary to take their sequence into account in extracting the information. However, if it is of one bit, it is 
not necessary. Therefore, significant improvement is provided for accuracy in extraction of information. 
[0086] . The supply state to be monitored may include a case, "When data is captured through communication or 
broadcasting, whether or not an access system is connected to a network in duplication" in addition to the aforemen- 

is tioned case. In this case, if data is connected to the network in duplication, the data is considered to be original. How- 
ever, if data is not connected to a network in duplication, it is considered to be duplicated data further duplicated from 
duplicated data stored in a location other than the network (e.g., a ROM in the own system). Therefore, for the duplica- 
tion through a network, it is sufficient to allow duplication under a condition that data is connected to the network. Fur- 
thermore, various approaches may be contemplated including monitoring when data is being supplied. 

20 

[Applicability in Industry] 

[0087] As described above, a supplier embeds an access condition for a receiver of content to be supplied as man- 
agement information in the content itself, and distributes the content to general public. An access system, which 
25 receives the content, contains a function therein that extracts the management information embedded in the content, 
and controls access to the content according to the access condition defined by the management information. There- 
fore, the receiving system can effectively inhibit access to the content by the receiver, particularly illegal duplication of 
the content by the receiver. 

30 Claims 

1 . A method for managing access to data by utilizing management information that is embedded in said data through 
data transformation without changing amount of data, comprising the steps of: 

35 extracting the management information embedded in the data; and 

managing access to said data according to said extracted management information. 

2. The method as set forth in Claim 1 , wherein said step for managing the access comprises a step of changing man- 
40 agement of access to said data according to the type of medium for storing said data. 

3. The method as set forth in Claim 2, wherein said type of medium is ROM, RAM or R. 

4. The method as set forth in any one of Claims 1 through 3, wherein said management information contains informa- 
45 Won for controlling storage of said data, reception of said data, playback of said data, interference of output of said 

data, duplication history of said data, or modification of said management information. 

5. The method as set forth in Claim 4, wherein said step tor managing the access comprises a step of, after managing 
the access to said data according to said management information, embedding, separate from said management 

so information, additional information for managing access to said data in said data, said management information 
and said additional information managing subsequent access to said data. 

6. A system for managing access to data comprising: 

55 an extractor for extracting management information from said data, said management information being 

embedded in said data through data deformation without changing amount of data; and 

a unit for managing access to said data according to said extracted management information. 
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7. The system as set forth in Claim 6, wherein said unit for managing access comprises a unit for changing manage- 
ment of access to said data according to the type of medium for storing said data. 

8. The system as set forth in Claim 7, wherein said type of medium is ROM, RAM or R. 

9. The system as set forth in any one of Claims 6 through 8, wherein said management information contains informa- 
tion for controlling storage of said data, reception of said data, playback of said data, interference of output of said 
data, duplication history of said data, or modification of said management information. 

10. The system as set forth in Claim 9, wherein said unit for managing access comprises: 

a unit for, after managing the access to said data according to said management information, embedding, sep- 
arate from said management information, additional information for managing access to said data in said data; 
and 

a unit for managing subsequent access to said data according to said management information and said addi- 
tional information. 

1 1 . A data recording system comprising: 

an extractor for extracting management information from said data, said management information being 
embedded in said data through data deformation without changing amount of data; and 

a unit for managing access to a medium of said data according to said extracted management information. 

12. A system for duplicating data comprising: 

an extractor for extracting management information from said data, said management information being 
embedded in said data through data deformation without changing amount of data; and 

a unit for managing access to a medium of said data according to said extracted management information. 

13. A system for receiving data comprising: 

a unit for receiving the data with a receiver; 

an extractor for extracting management information from said received data, said management information 
being embedded in said data through data deformation without changing amount of data; and 

a controller for controlling output of said data outside said receiver according to said extracted management 
information. 

14. A system for playing back data comprising: 

an extractor for extracting management information from said data, said management information being 

embedded in said data through data deformation without changing amount of data; and 

a controller for controlling playback of said data according to said extracted management information. 

15. A system for interfering output of data comprising: 

an extractor for extracting management information from said data, said management information being 
embedded in said data through data deformation without changing amount of data; and 

a controller for controlling interference of output of said data according to said extracted management informa- 
tion. 

16. A system for managing duplication history of data comprising: 
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an extractor for extracting management information and additional information from said data, said manage- 
ment information and said additional information being embedded in said data through data deformation with- 
out changing amount of data; 

a controller for controlling duplication of said data according to said extracted management and additional 
information; 

when the additional information does not exist in said data, a unit for embedding additional information in said 
data according to the result of control on duplication of said data; and 

when the additional information exists in said data, a unit for modifying and embedding said additional informa- 
tion in said data according to the result of control on duplication of said data. 

1 7. A system for modifying management of access to data comprising: 

an extractor for management information of access to data from said data, said management information being 
embedded in said data through data transformation without changing amount of data; 

a controller for controlling access to said data according to said extracted access management information; 
and 

a unit for modifying said access management information according to the result of access control to the data. 

18. The system as set forth in any one of Claims 1 1 through 1 7, wherein said controller comprises a unit for changing 
the control according to the type of medium containing said data. 

19. A system for embedding access information, said system embedding information managing access to data, said 
system comprising: 

a unit for preparing management information to be embedded; and 

a unit for embedding said management information in said data through data transformation without changing 
amount of data. 

20. A medium containing a program for embedding management information causing it to manage access to data, said 
program comprising: 

a function for preparing management information to be embedded; and 

a function for embedding said management information in said data through data transformation without 
changing amount of data. 

21 . A medium containing a program for causing it to perform access management to data, said program comprising: 

a function for extracting management information embedded in the data through data transformation without 
changing amount of data; and 

a function for managing access to the data according to said extracted management information. 
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[Figure 2] 
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[Figure 3] 
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[ Figure 4 ] 



Digital distribution media 

- Package media (Optical disks. 
Tape, etc.) 

- Communications (Internet, etc.) 

- Broadcasting (Satellite 
broadcasting , etc . j 



1 


r Step 41 


Demodulation 




r Step 42 


Decoding 




r Step 43 


Decompression 




r Step 44 


Digital/analog 
conversion j 




r 



t Control of equipment 
-M based on extracted 
•management information 

i Change and embedding"* 
. of management 
1 information 



Analog playback 




18 



EP 0 942 418 A1 



[Figure 5] 
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[Figure 6] 




[Figure 7] 
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[Figure 8] 
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